The present invention is directed to the field of encryption. It is more specifically directed to an encryption system.
An explanation will now be given of the difference between the use of a general certificate and the use of a time-key certificate.
The use of a general certificate is shown in FIG. 1. When user B desires to encrypt data (M) and to transmit the encrypted data to user A, user B requests that a certification authority issue a certificate for user A. This certificate includes the name of user A and a public encryption key (KEa) for user A, and also the digital signature of the certification authority for all the contents. User B obtains the certificate for user A and confirms that the certification authority has provided the digital signature for the public encryption key for user A. If the digital signature is correct, user B encrypts the target message M by using the public encryption key (KEa) for user A, and transmits the encrypted message to user A.
The general certificate is used to obtain a certain guarantee for the public encryption key of a partner ("Applied Cryptography," Bruce Schneier, John Wiley and Sons, Inc., pp. 185-187, 1996), i.e., a guarantee that no person other than user A can decrypt the encrypted data. However, a condition limiting the time during which user A can decrypt the data cannot be added to a general certificate.
One example of a certificate that includes an encryption key and a time is found in the Kerberos system ("Computer Network Encryption System," Toyohiko Kikuchi, NEC Creative, pp. 57-68, 1995). Its server use permission certificate includes an encryption key, which is used for encrypting data exchanged between a client machine and a key authority, and values for "current time" and "valid time."
While the encryption key in the Kerberos system is intended for encrypting the data being exchanged, the encryption key of the present invention is intended for inhibiting decryption at times other than the decryption time. Thus, the purposes of the keys differ. Furthermore, while the Kerberos system employs a symmetric-key cipher, DES, the present invention employs an asymmetric key.
In the Kerberos system, a server use permission certificate includes a "current time" and a "valid time." The valid time of the issued server use permission certificate is designated to prevent the reading of a key. The valid time for the present invention, however, does not define a time for enabling the decryption of data that was encrypted using a public encryption key included in the certificate.
In ISO X.400 MHS (http://www.iso.ch/), the instruction identifier "Deferred delivery" is defined as an identifier for designating a mail delivery time, i.e., a description method for designating the time at which mail is to be delivered to an addressee. The identifier includes only a delivery time for a destination, not a time for decrypting encrypted data. With this method, therefore, a time for decryption cannot be designated in a certificate.
The UNIX system has a timed daemon program that synchronizes the clocks of different workstations. This program communicates with a timed daemon running on another computer on the same LAN and adjusts and synchronizes both clocks. However, since the daemon merely adjusts clocks, it differs from the time-key certificate manager of the present invention.
There is also a communication protocol called the network time protocol (NTP) that synchronizes the clocks of workstations that are not linked by a LAN ("Building Internet Firewalls," D. B. Chapman and E. D. Zwicky, pp. 321-324, O'Reilly and Associates, Inc., 1995). Under this protocol, a time broadcast is received, and a time server that constantly maintains the clock of one system is employed to adjust the clock of another system on the Internet to which that system is connected. Therefore, with this method, a time for enabling decryption of encrypted data cannot be designated.
There is also a secure time-stamping technique that employs a hash value of a digital document to prove that the document existed at a specific time ("How To Time-Stamp A Digital Document," S. Haber and W. S. Stornetta, Advances in Cryptology-CRYPTO '90 Proceedings, Springer-Verlag, pp. 437-455, 1991). With this technique, the hash value of a digital document is transmitted to a system that provides the secure time-stamping service, and it can later be proved that the document existed at a specific time by matching it against the time-stamped hash value recorded by that system. However, this technique does not teach a method for designating a time for enabling decryption of encrypted data.
[Problems to be Solved by the Invention]
It is, therefore, one object of the present invention to provide an encryption system and method for inhibiting the decryption of encrypted data unless a decryption condition is satisfied.
It is another object of the present invention to provide a disclosure time designation file transfer system.
It is an additional object of the present invention to provide a data library system with a disclosure time control function.
It is a further object of the present invention to provide a method and a system for controlling disclosure time.
It is yet another object of the present invention to provide a configuration for a time-key certificate and a time-key certificate manager.
It is yet an additional object of the present invention to provide a method for preventing the alteration of data or wiretapping during the communication process even when data is encrypted in the same manner as for normal encryption.
It is yet a further object of the present invention to provide an encryption system and method for which an ID or a password, used for an electronic safe system that satisfies a decryption condition, need not be distributed to a person performing the decryption.
In order to provide an encryption system for inhibiting decryption of encrypted data unless conditions for decryption are met, an encryption system with time-dependent decryption is constructed that has a time-key certificate manager for issuing a time-key certificate to guarantee that a time for enabling decryption of information is limited.
An encryption system according to the present invention is shown in FIG. 2. User B requests that a time-key certificate manager (hereinafter referred to simply as a time-key manager) issue a time-key certificate, including disclosure time information, and acquires it. Data to be transmitted to user A are encrypted by using a public key for encryption (KEt) included in the time-key certificate, and the encrypted data are transmitted. User A requests a decryption key from the time-key manager to decrypt the data received from user B. When the current time meets the decryption conditions, the decryption key is transmitted to user A, who can use it to decrypt the data.
As is described above, when the time-key certificate and the time-key manager are employed, the time during which a third party can acquire a decryption key for decrypting encrypted data can be limited.
In addition, a third party can examine the public encryption key included in a time-key certificate to determine whether or not it satisfies the decryption conditions. The time-key manager issues the time-key certificate and then manages the corresponding decryption key.
With this arrangement, a user encrypts data on his or her own machine: once the user has acquired a time-key certificate, he or she can encrypt data in the same manner as for normal encryption by using the public encryption key included in the certificate. As a result, it is possible to provide a system that ensures a high level of security and that can prevent, during the communication process, the alteration of data or wiretapping that can occur when an external service is employed for encryption.
Furthermore, when the correct signature of the time-key certificate manager is included in the time-key certificate, the user performing the encryption can trust the decryption condition service provided by the time-key certificate manager that issued the time-key certificate or by a person in charge of the server, so that an ID or a password used for an electronic safe system that satisfies a decryption condition need not be distributed to a person performing the decryption.
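The FIG. 2 exchange described above and the signature check of the preceding paragraph, as an added illustration that is not part of the patent text: the manager issues a signed certificate carrying KEt and a disclosure time, user B verifies the signature and encrypts under KEt, and the manager releases KDt to user A only once the disclosure time has passed. The class and function names are constructed, and the asymmetric cipher is a stand-in textbook RSA on fixed small Mersenne primes rather than any real key-generation scheme.

```python
import hashlib
from dataclasses import dataclass

# Toy textbook RSA over fixed Mersenne primes (constructed; far too small for real use).
E = 65537

def rsa_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)   # (public key, private key)

@dataclass(frozen=True)
class TimeKeyCertificate:
    cert_id: str
    disclosure_time: int   # earliest UNIX time at which KDt is released
    ke_t: tuple            # public encryption key KEt as (e, n)
    signature: int         # manager's signature over the three fields above
    def digest(self):
        body = f"{self.cert_id}|{self.disclosure_time}|{self.ke_t}".encode()
        return int.from_bytes(hashlib.sha256(body).digest(), "big")

def verify_certificate(cert, manager_pub):   # user B's check on the manager's signature
    e, n = manager_pub
    return pow(cert.signature, e, n) == cert.digest() % n

class TimeKeyManager:
    def __init__(self):
        self.sign_pub, self._sign_priv = rsa_keypair(2**31 - 1, 2**61 - 1)
        self._issued = {}  # cert_id -> (certificate, private decryption key KDt)

    def issue(self, cert_id, disclosure_time):
        # Toy: one fixed (KEt, KDt) pair; a real manager makes a fresh pair per certificate.
        ke_t, kd_t = rsa_keypair(2**89 - 1, 2**107 - 1)
        d, n = self._sign_priv
        h = TimeKeyCertificate(cert_id, disclosure_time, ke_t, 0).digest() % n
        cert = TimeKeyCertificate(cert_id, disclosure_time, ke_t, pow(h, d, n))
        self._issued[cert_id] = (cert, kd_t)
        return cert

    def request_decryption_key(self, cert_id, now):
        """Release KDt to user A only once `now` has reached the disclosure time."""
        cert, kd_t = self._issued[cert_id]
        return kd_t if now >= cert.disclosure_time else None

def encrypt(cert, message):   # user B: encrypt with KEt from a verified certificate
    e, n = cert.ke_t
    return pow(int.from_bytes(message, "big"), e, n), len(message)   # message must be < n

def decrypt(kd_t, ciphertext):   # user A: decrypt with the KDt the manager released
    (d, n), (c, length) = kd_t, ciphertext
    return pow(c, d, n).to_bytes(length, "big")
```

A certificate whose disclosure time has been altered fails `verify_certificate`, and a key request made before the disclosure time returns `None`, which is the behaviour the time-key manager is meant to enforce.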